List: ossec-list
Subject: Re: [ossec-list] OSSEC syslog in UDP
From: Gerard Petersen <gerard () cap5 ! nl>
Date: 2013-10-27 12:48:40
Message-ID: 5b27023b-e31e-42c6-843d-27075581b7c9 () googlegroups ! com
Thanx again! :)
On Tuesday, October 22, 2013 2:14:49 PM UTC+2, dan (ddpbsd) wrote:
>
>
> On Oct 22, 2013 6:13 AM, "Gerard Petersen" <ger...@cap5.nl> wrote:
> >
> > Hi all,
> >
> > I'm testing OSSEC to come to a definitive optimal setup and have some
> > questions on the syslog/remote configuration. Going through the archives it
> > seems secure connection and protocol tcp cannot be combined (tcpdump
> > confirmed this). So this won't work:
> >
> > <remote>
> > <connection>secure</connection>
> > <protocol>tcp</protocol>
> > </remote>
> >
> > OSSEC keeps message counters in [ossec_dir]/queue/rids/ .. Does this
> > mean when using UDP, still no messages are lost?
> >
> > How does the agent know what protocol and/or port to use since
> > everything is only configured server side?
> >
>
> The agent only does secure mode.
>
> > Thanx a lot for helping me out!
> >
> > Kind regards,
> >
> > Gerard.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to ossec-list+...@googlegroups.com.
> > For more options, visit https://groups.google.com/groups/opt_out.
>